If, like me, you have ever had an account with the daily deals site LivingSocial, then this morning you will have received an email alerting you that the company has become the victim of a large database hack.
Normally, unsubscribing from email communications with a company should mean just that – you never hear from them again via that medium – but, in this case, I am pleased to see that LivingSocial have taken the step of contacting ALL their customers in order to let them know what has happened and what they may now do about it.
The email, sent by CEO Tim O’Shaughnessy, says –
“LivingSocial recently experienced a security breach on our computer systems that resulted in unauthorised access to some customer data from our servers. We are actively working with the authorities to investigate this issue.
The information accessed includes names, email addresses, the date of birth of some users, and encrypted passwords; technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.”
The email also goes on to say that –
“The database that stores customer credit card information was not affected or accessed.”
– which is, of course, good news for me and the tens of millions of other customers for whom LivingSocial are storing such sensitive information.
The email also advises customers to change their passwords elsewhere on the web, which is always sound advice after such a breach. If you too are a customer, I hope you will do exactly that, especially if you are one of the many internet users out there who still use a small pool of passwords for all of their online accounts.
Additionally, you would be well advised to be on the lookout for any further emails from LivingSocial. As the hacker(s) now have identifying information in their hands, including names and email addresses, there is the possibility that they could use it to send phishing emails that could well look legitimate to unsuspecting eyes. You would therefore be wise to visit LivingSocial by typing their web address directly into your browser, and not by clicking on any links in emails that may appear to have come from them.
Lessons to be learned
- Use a different password for every online account you have
- Always change your password as soon as possible after a security incident
- Be wary of links in emails, however genuine they may look